From ff7d08dc8bd356df7d29c771da420aec2e099e2d Mon Sep 17 00:00:00 2001
From: Nathan Kinder
Date: Thu, 24 Sep 2009 12:02:29 -0700
Subject: Allow anonymous access to be disabled.
This adds a new config switch (nsslapd-allow-anonymous-access) that allows one to restrict all anonymous access. When this is enabled, the connection displatch code will only allow BIND operations through for an unauthenticated user. The BIND code will only allow the operation through if it's not an anonymous or unauthenticated BIND. I also fixed a missing capability in the SELinux policy that I ran into while testing this patch.
---
 ldap/admin/src/scripts/DSMigration.pm.in | 1 +
 1 file changed, 1 insertion(+) (limited to 'ldap/admin/src/scripts')
diff --git a/ldap/admin/src/scripts/DSMigration.pm.in b/ldap/admin/src/scripts/DSMigration.pm.in
index c0a7614d..64e066b7 100644
--- a/ldap/admin/src/scripts/DSMigration.pm.in
+++ b/ldap/admin/src/scripts/DSMigration.pm.in
@@ -101,6 +101,7 @@ my %ignoreOld =
 'nsslapd-plugin-depends-on-named' => 'nsslapd-plugin-depends-on-named',
 # these are new attrs that we should just pass through
 'nsslapd-allow-unauthenticated-binds' => 'nsslapd-allow-unauthenticated-binds',
+ 'nsslapd-allow-anonymous-access' => 'nsslapd-allow-anonymous-access',
 'nsslapd-saslpath' => 'nsslapd-saslpath',
 'nsslapd-rundir' => 'nsslapd-rundir',
 'nsslapd-schemadir' => 'nsslapd-schemadir',
-- cgit
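Review bot: The new `'nsslapd-allow-anonymous-access'` entry is added to a hash named `%ignoreOld` under the comment "these are new attrs that we should just pass through", and the two phrases read as opposite answers to which value a migrated instance ends up with. For an access-control switch that matters: an administrator who has disabled anonymous access would expect the restriction to survive a migration rather than fall back to the default. The code that consumes `%ignoreOld` is outside this hunk, so I cannot tell which behaviour applies. I would state it next to the entry, for example `# access-control switches: value in the migrated config is taken from <old|new> instance`, and check that a disabled setting is preserved. The hash definition starts before and continues past the hunk.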